EMA Research Report: Data-Driven Security Unleashed: A Look Into the Tools That Drive Security

Date: 05/02/2017

Length: 86 pages

Cost: $795.00

Abstract:

The "Data-Driven Security Unleashed" report is the fourth iteration in the Data-Driven Security series. Each report uses core questions for trending demographics and technology uses, but each also has its own unique focus. "Data-Driven Security," the first report (released in 2012), asked about the tools and data collection preferences for improving security. EMA released "The Evolution of Data-Driven Security" in 2014 as the second iteration. Beginning in 2015, the report began asking more questions about key drivers and value. "Data-Driven Security Unleashed" also adapted to the marketspace by replacing some of the previous technologies with emerging or impactful solutions.

EMA used the collected data to paint the picture of perceived most valuable tools and their use cases, as well as key drivers to adoption and the frustrations users experience. During the course of the research, EMA substantiated that insufficient staff is a problem that is only getting worse. This is not due to budget pressures as often as it is the lack of skilled or qualified personnel available in the market. In 2015, 68 percent of respondents indicated their organizations were experiencing impacts from staffing shortages. That number rose to 76 percent in 2016. While 35 percent of organizations are hiring less skilled/qualified personnel and training them to meet their needs (up five points from the previous report), 21 percent say they just cannot find personnel at all (up seven points from 2015). However, though staffing issues were the primary frustration within IT security, respondents reinforced the idea that meeting compliance requirements was detracting from making real security improvements, along with the recognition that organizations' lack of repeatable, scalable processes is also a major hindrance. Lastly, though organizations did not complain about false positives to the same level as they did in 2015 and early 2016, they indicated that it is difficult to prioritize remediation of threats and exposures. These changes in focus help vendors understand where improvements were made and where they need to continue.

Some of the top use cases for security technology were enhancing breach/compromise prevention; detection and/or response; malware prevention, detection, and/or removal; identifying malicious threat actor activities and data exfiltration; and providing highly actionable intelligence/context for incident prioritization. It is clear from the research that teams are looking for improvements at the beginning of the cyber kill chain. Reducing dwell time for attackers has become paramount.

2014 and 2015 battered confidence in security's ability to detect incidents before they had a significant impact. Confidence dropped from 31 to 21 percent of respondents being only "somewhat confident" to "highly doubtful" of detecting a security issue before it made a significant impact. However, advances in technology changed the previous four-year trends in these areas. As of 2016, 48 percent of respondents were confident that they could detect an incident prior to it having a significant impact. This is at least partly due to the fact that more companies are creating security baselines for their environments. As a result, companies feel more confident about their ability to monitor and prioritize threats to their high-priority assets and detect breaches before they create a significant impact.

The largest change in the report for 2016 was the inclusion of network security policy management as a technology. Though vendors in this space have existed for as many as 12 years, the growing complexity and span of networks (combined with the need for centralized security policy implementation and visibility) gave this category a huge introduction to the report. 53 percent of organizations said they were using a tool of this type, making it the most widely used solution in the report. It also scored at second place for value based on total cost of ownership.

The "Data-Driven Security Unleashed" report is a guide to market perceptions about the strengths and weaknesses of various tools, gathered from security and IT personnel, from individual contributors through the management ranks.